Monday, May 25, 2020

Hackers Are Demanding Extra Ransomware Payments From Victims



Hackers who use ransomware to conduct their attacks have a new trick up their sleeves. A ransomware family has begun employing the tactic of not only demanding payment to unlock infected systems, but also demanding an additional payment.
They're demanding an extra payment to keep them from publishing copies of the files they stole before encrypting everything.

Hackers have been claiming for years that they were not just encrypting files but actually exfiltrating data too. It wasn't until recently (November 2019), though, that a group actually published stolen data as proof that this was, in fact, occurring.

Although this tactic is currently in use only by hackers deploying the Ako Ransomware, you can bet that the idea will spread like wildfire. After all, there's no real downside as far as the hackers are concerned, and they can coax a bit more money out of the companies, individuals, and organizations they successfully attack.

BleepingComputer recently interviewed an Ako operator, who confirmed that the tactic was in use and had been successful. The operator said that the tactic was only used on certain victims, depending on the size of the company and the type of data that was stolen. They were very upfront and matter-of-fact about it.

This underscores two important points:

First, ransomware attacks are data breaches. The hackers aren't just encrypting your files, they're making off with copies too.

Second, backups are incredibly important! Having up-to-date backups won't prevent a hacker who successfully breaches your system from releasing the data they stole if you don't pay. At the very least, however, you can get your company up and running again in short order without having to pay to have your files decrypted. Sadly, too many companies still don't have a robust backup plan in place. If that describes your company, it's well past time to change that.

The risks are tremendous, and they are growing.

What Happens When Victims Pay Up After A Ransomware Attack?

For many hackers all over the globe, ransomware is one of the most lucrative businesses. Even though these kinds of malware samples have existed for several years, they have continued to provide attackers with extremely high monetary profits.

As a matter of fact, U.S. Deputy Attorney General Rod Rosenstein stated back in 2017, during the Cambridge Cyber Summit, that ransomware attacks have affected more than 100,000 endpoints every day. The complexity and severity of these cyberattacks, as well as the frequency with which victims pay the ransom demands, have let hackers earn almost $1 billion. But you need to know that not all cyberattacks are the same, and even in some instances when the victims pay the demands of the hackers, the promised access to the data isn’t always given or returned.

Should You Pay or Not?

If you see a ransomware notification on your screen, you will have a lot of questions, and there will be a lot of things to consider. How will the firm proceed with its day-to-day operations? How will users get access to crucial data and files? Are there any backups in place?

One of the most important questions you need to ask is whether you should pay the ransom or not. According to the FBI, victims of ransomware should not give in to the demands of the hackers. Data from Kaspersky Lab revealed that one in every five firms that fall prey to a cyberattack and pay the ransom don’t get the decryption key that was promised to them. That means those companies lost a lot of cash and still have not regained access to their critical data, files, and applications.

Indiana Hospital Pays Ransom After SamSam Infection

Hancock Health, a hospital based in Indiana, decided to pay $55,000 after its systems were infected by a ransomware called SamSam. However, even with the quick notification and awareness by employee end users, the IT team of the hospital was still unable to prevent the spread of the ransomware sample.

All of the hospital's essential IT systems were infected, and users could no longer access their email. The electronic health record system was locked, as were other crucial internal platforms. Access to 1,400 files was blocked. The hackers encrypted the files and renamed them to “I’m Sorry.” But the hospital managed to regain control of its systems and access to its files after paying the ransom.

Kansas Hospital Hacked Again After Paying Ransom

Unlike the Indiana hospital, Kansas Heart Hospital in Wichita suffered a ransomware attack back in 2016. The hospital offices opted to pay the ransom even though patient data and daily operations were not affected.

However, in contrast to what happened in the Hancock Health case, access to the data and files wasn’t returned even though they paid the small ransom amount. Instead, the cybercriminals demanded another ransom, and the systems that were affected in the first infection remained encrypted.

This situation isn’t unique. There are many hackers who ask for a small ransom amount during the first attack but then demand another payment, which is much higher, after the second attack.

The demands of hackers are increasing and the problem is that many organizations are willing to pay.

Call SpartanTec, Inc. now and let our team set up effective cybersecurity measures to prevent this from happening to your business.

SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com
